I am working on a Grails web application which uses Apache Shiro for authentication. Now I have been asked to implement SSO and Active Directory integration for this application. Since I am new to LDAP/AD, I am having a hard time implementing it properly.

Here is what I did: I generated a ShiroLdapRealm.groovy file by executing the following command, as mentioned on some websites.

grails create-ldap-realm

Then I added a few configuration properties for LDAP in grails-app/conf/Config.groovy.

But now I am unsure about how to get the currently logged-in Windows user in my application and provide a UsernamePasswordToken to authenticate against this generated ShiroLdapRealm. I simply want to provide an SSO experience with Shiro where the user comes from Windows Active Directory. I was not able to find any good documentation for this.

Also, I am confused about whether to use ShiroLdapRealm or ActiveDirectoryRealm, as mentioned in some posts. What could be the difference between these two? Which one should be used when?